Bug 508717 - setroubleshoot: SELinux is preventing the plasma-desktop from using potentially mislabeled files (plasma-desktopQF2852.slave-socket).
Summary: setroubleshoot: SELinux is preventing the plasma-desktop from using pote...
Keywords:
Status: CLOSED DUPLICATE of bug 508718
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:ecdb08232f2...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-06-29 15:54 UTC by Jerry Amundson
Modified: 2009-06-29 16:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-06-29 16:12:50 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Jerry Amundson 2009-06-29 15:54:28 UTC 
The following was filed automatically by setroubleshoot:

Summary:

SELinux is preventing the plasma-desktop from using potentially mislabeled files
(plasma-desktopQF2852.slave-socket).

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux has denied plasma-desktop access to potentially mislabeled file(s)
(plasma-desktopQF2852.slave-socket). This means that SELinux will not allow
plasma-desktop to use these files. It is common for users to edit files in their
home directory or tmp directories and then move (mv) them to system directories.
The problem is that the files end up with the wrong file context which confined
applications are not allowed to access.

Allowing Access:

If you want plasma-desktop to access this files, you need to relabel them using
restorecon -v 'plasma-desktopQF2852.slave-socket'. You might want to relabel the
entire directory using restorecon -R -v '<Unknown>'.

Additional Information:

Source Context                unconfined_u:system_r:hotplug_t:s0
Target Context                unconfined_u:object_r:tmp_t:s0
Target Objects                plasma-desktopQF2852.slave-socket [ sock_file ]
Source                        plasma-desktop
Source Path                   /usr/bin/plasma-desktop
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           kdebase-workspace-4.2.90-3.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.20-1.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   home_tmp_bad_labels
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.30-0.1.2.32.rc8.xendom0.fc12.x86_64 #1 SMP Thu
                              Jun 4 17:46:39 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Mon 29 Jun 2009 08:57:24 AM CDT
Last Seen                     Mon 29 Jun 2009 08:57:24 AM CDT
Local ID                      7c48d4ba-fe11-49a0-bd18-b15d28f6803b
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1246283844.669:39113): avc:  denied  { unlink } for  pid=2852 comm="plasma-desktop" name="plasma-desktopQF2852.slave-socket" dev=dm-1 ino=58709 scontext=unconfined_u:system_r:hotplug_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file

node=(removed) type=SYSCALL msg=audit(1246283844.669:39113): arch=c000003e syscall=87 success=yes exit=0 a0=258e148 a1=7fffc9edc0e0 a2=375ea35e70 a3=bf items=0 ppid=1 pid=2852 auid=2355 uid=2355 gid=100 euid=2355 suid=2355 fsuid=2355 egid=100 sgid=100 fsgid=100 tty=(none) ses=1 comm="plasma-desktop" exe="/usr/bin/plasma-desktop" subj=unconfined_u:system_r:hotplug_t:s0 key=(null)


audit2allow suggests:

#============= hotplug_t ==============
allow hotplug_t tmp_t:sock_file unlink;
Comment 1 Daniel Walsh 2009-06-29 16:09:46 UTC 
Who created the file plasma-desktopQF2852.slave-socket, was this created by hotplug?
Comment 2 Daniel Walsh 2009-06-29 16:12:50 UTC 

*** This bug has been marked as a duplicate of bug 508718 ***
Note You need to log in before you can comment on or make changes to this bug.